Provisioning Kubernetes User Certificates and RBAC Permissions with CFSSL
Store the cluster CA materials in a working directory:
mkdir -p /root/pki/
cp /opt/kubernetes/ssl/ca-key.pem /root/pki/
cp /opt/kubernetes/ssl/ca.pem /root/pki/
cp /root/k8s/cert/k8s/ca-config.json /root/pki/
The ca-config.json profile defines permitted key usages and an expiration window:
{
"signing": {
"default&quo ...
Posted on Mon, 18 May 2026 08:40:12 +0000 by englishtom